Re: [Crypto-panel] Request for review: draft-irtf-cfrg-pairing-friendly-curves-03

Yumi Sakemi <yumi.sakemi@lepidum.co.jp> Fri, 29 May 2020 15:21 UTC

From: Yumi Sakemi <yumi.sakemi@lepidum.co.jp>
Date: Sat, 30 May 2020 00:21:10 +0900
Message-ID: <CAA4D8KbRkXipMp-Hxi6ch6+09DquU-fS6MRP8qP=v8dLWSiU-w@mail.gmail.com>
To: crypto-panel@irtf.org, Chloe Martindale <chloemartindale@gmail.com>, "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Cc: cfrg-chairs@ietf.org, Tetsutaro Kobayashi <tetsutaro.kobayashi.dr@hco.ntt.co.jp>, SAITO Tsunekazu <tsunekazu.saito.hg@hco.ntt.co.jp>
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/ovFBTLL9ghwl0_SBdNGpnIC_a8s>

Dear Chloe

We appreciate the many constructive comments received in the Expert Review.

We are currently working on updating our draft.
Last week, Nick created a repository for pairing-friendly curves on
CFRG's official GitHub, so we plan to update our draft using the issue
tracker.
The updates for your comments will be made available to you on the
following issue page.

https://github.com/cfrg/draft-irtf-cfrg-pairing-friendly-curves/issues

We will contact you again when all the comments have been updated.
In that case, we would be glad if you could check them.

In addition, before updating, there is one comment on which we would
like to inform you of our update policy.
The comment is about the recommended curve for 128-bit security level.

First of all, thank you for telling us about a peer-reviewed paper for BLS12-381.
Due to our lack of investigation, we made the wrong decision that
BLS12-381 did not match our selection policy.

Your comment pointed out that BLS12-381 should be moved to the
recommended curves and BN462 should be moved to the Appendix.
We understood the disadvantages of BN462 that you were concerned
about, but we would like to recommend both BLS12-381 and BN462.
The reason is as follows.

CFRG aims to standardize cryptographic technology for future Internet use.
We agree that BLS12-381 with a 126-bit security level is the best
match as a curve of 128-bit security level "at this time" from the
viewpoint of security and efficiency.
On the other hand, the security of BLS12-381 is already less than
128 bits, so from the viewpoint of future use, if the attack is improved
even a little, it will not be suitable as a curve of 128-bit security
level.
Consider also that curves of 128-bit security level are often used at present.
So, we would like to recommend both BLS12-381 and BN462, considering
future use and the safe side.

However, as you pointed out, BN462 has the disadvantage of being too
slow compared to BLS12-381.
Then, the reader will be confused if there are two parameters of
128-bit security level, so we will add the basis for selection by
adding an explanation of the merits and demerits of each parameter.
We will also add a description of the disadvantages of BN462
regarding efficiency.

If you have any problems with this update policy, we would appreciate your comments.

Best regards,
Yumi






On Mon, 27 Apr 2020 at 21:58, Yumi Sakemi <yumi.sakemi@lepidum.co.jp> wrote:
>
> Dear Chloe
>
> I appreciate your review.
> I'm very glad to receive many constructive comments!
> I will discuss your comments with my co-authors and revise our
> draft to reflect your comments.
> I think it will be a better draft by reflecting your comments.
>
> As co-author Tsunekazu e-mailed, we're planning to submit version 04,
> because we were independently working on updating the abstract and
> introduction (sec. 1.3) and proofreading the English in parallel with
> the expert review.
> (Version 04 will not reflect your comments.)
>
> Comments from Chloe will be reflected in version 05.
> We will submit version 05 in mid-May and we will report to you when we
> submit version 05.
>
> Dear Stanislav
>
> Thank you very much for proceeding to the Expert review.
> We received a lot of constructive comments from Chloe, so I think it
> is difficult to manage comments by email.
> (Because there are over 100 comments from Chloe.)
>
> Therefore, I would like to use the issue management function of GitHub
> so that it is easy to check the reflecting status of Chloe's comments.
> So, I'd like to use the repository of pairing-friendly curves draft on
> CFRG's GitHub
> because BLS signature which is similar in terms of IRTF stream is also
> registered on the GitHub.
> Could you register the repository for the draft of pairing-friendly
> curves on the following CFRG's GitHub?
>
> https://github.com/cfrg
>
> Best regards,
> Yumi
>
> On Mon, 27 Apr 2020 at 10:09, SAITO Tsunekazu <tsunekazu.saito.hg@hco.ntt.co.jp> wrote:
> >
> > Dear Chloe, Stanislav,
> >
> >
> >
> > This is Tsunekazu.
> >
> >
> >
> > We plan to update the draft to version 04 soon.
> >
> > As the contents of the update, we changed the wording of Section 1.3 and security consideration.
> >
> > Yumi will submit the 4th edition, so please wait a moment.
> >
> >
> >
> > Best regards,
> >
> > Tsunekazu
> >
> >
> >
> > From: Stanislav V. Smyshlyaev <smyshsv@gmail.com>
> > Sent: Sunday, April 26, 2020 2:30 PM
> > To: Chloe Martindale <chloemartindale@gmail.com>; SAITO Tsunekazu <tsunekazu.saito.hg@hco.ntt.co.jp>; Tetsutaro Kobayashi <tetsutaro.kobayashi.dr@hco.ntt.co.jp>; Yumi Sakemi <yumi.sakemi@lepidum.co.jp>
> > Cc: cfrg-chairs@ietf.org; crypto-panel@irtf.org
> > Subject: Re: [Crypto-panel] Request for review: draft-irtf-cfrg-pairing-friendly-curves-03
> >
> >
> >
> > Dear Chloe,
> >
> > Many thanks for your review (such a great and a prompt one!).
> >
> >
> >
> > Dear Yumi, Saito, Tetsutaro, do you plan to update your draft taking into account Chloe’s review?
> >
> >
> >
> > Best regards,
> >
> > Stanislav
> >
> >
> >
> > On Fri, 24 Apr 2020 at 19:49, Chloe Martindale <chloemartindale@gmail.com> wrote:
> >
> > Hi all,
> >
> >
> >
> > review is attached.
> >
> >
> >
> > All the best,
> >
> > Chloe
> >
> >
> >
> > On Tue, 21 Apr 2020 at 18:05, Stanislav V. Smyshlyaev <smyshsv@gmail.com> wrote:
> >
> > Sure - it is
> >
> > https://tools.ietf.org/html/draft-irtf-cfrg-pairing-friendly-curves-03
> >
> >
> >
> > Thank you again!
> >
> >
> >
> > Regards,
> >
> > Stanislav
> >
> >
> >
> > On Tue, 21 Apr 2020 at 19:10, Chloe Martindale <chloemartindale@gmail.com> wrote:
> >
> > Just to be sure, can you point me towards the most recent version of the draft please?
> >
> >
> >
> > Thanks,
> >
> > Chloe
> >
> >
> >
> > On Tue, 21 Apr 2020 at 13:17, Stanislav V. Smyshlyaev <smyshsv@gmail.com> wrote:
> >
> > Great, many thanks, Chloe!
> >
> >
> >
> > Kind regards,
> >
> > Nick, Alexey, Stanislav
> >
> >
> >
> > On Tue, 21 Apr 2020 at 15:16, Chloe Martindale <chloemartindale@gmail.com> wrote:
> >
> > I'll take a look this week.
> >
> >
> >
> > All the best,
> >
> > Chloe
> >
> >
> >
> > On Tue, 21 Apr 2020, 13:10 Stanislav V. Smyshlyaev, <smyshsv@gmail.com> wrote:
> >
> > Dear Crypto Panel members,
> >
> >
> >
> > The authors of the Pairing-Friendly Curves draft have addressed the concerns raised during the discussion and are ready to move to the next stage with the draft.
> >
> >
> >
> > Alexey, Nick and I would like to ask Crypto Review Panel members about the review(s) of draft-irtf-cfrg-pairing-friendly-curves-03.
> >
> >
> >
> > This memo introduces pairing-friendly curves used for constructing pairing-based cryptography. It describes recommended parameters for each security level and recent implementations of pairing-friendly curves.
> >
> >
> >
> >
> >
> > Can we have any volunteers, please?..
> >
> >
> >
> >
> >
> > Best regards,
> >
> > Stanislav (on behalf of chairs)
> >
>
>
>
> --
> Yumi Sakemi, Ph. D.
> Lepidum Co. Ltd.
> E-Mail: yumi.sakemi@lepidum.co.jp



-- 
Yumi Sakemi, Ph. D.
Lepidum Co. Ltd.

Tel: +81-3 6276 5103
E-Mail: yumi.sakemi@lepidum.co.jp